Let's have a look at the network time protocol. Keeping accurate time is critical for the network to function properly and to maintain synchronized logs across all devices. If the clocks are off some, authentication protocols and even DNS might fail. Matching log information with incorrect timestamps is very time consuming and makes troubleshooting really hard and use consistent time zones either UTC or your local time zone. In case of a security incident you may need to match the DHCP log with NAT entries locally and match those with information sent by a remote site administrator. Let's have a look at the design recommendations for precise timekeeping. It's not recommended to run an NTP server inside a virtual machine. NTP servers can live on the same servers as the DNS resolvers and DHCP servers though. Also be aware that unpatched software can turn misconfigured NTP servers into attack amplifiers. There have been several famous recent denial of service attacks making use of unprotected NTP servers. If you're running a pair of ID management or DNS servers like Active Directory then they can and probably already do act as your DNS, NTP and DHCP servers. Let's have a look at the software and the configuration. ntpd is the well-known software but has a history of security issues. It may well be worth having a look at crony or open ntpd if there is a strata 1 NTP clock nearby, the local internet exchange point, for example. then you could use that but it's also good enough to use pool.ntp.org. Not all operating systems and devices allow having more than one NTP server listed so be aware of that when you come to do your configuration.

© Produced by Philip Smith and the Network Startup Resource Center, through the University of Oregon.

Attribution-NonCommercial 4.0 International (CC BY-NC 4.0)
This is a human-readable summary of (and not a substitute for) the license. Disclaimer. You are free to: Share — copy and redistribute the material in any medium or format Adapt — remix, transform, and build upon the material The licensor cannot revoke these freedoms as long as you follow the license terms. Under the following terms: Attribution — You must give appropriate credit, provide a link to the license, and indicate if changes were made. You may do so in any reasonable manner, but not in any way that suggests the licensor endorses you or your use. NonCommercial — You may not use the material for commercial purposes. No additional restrictions — You may not apply legal terms or technological measures that legally restrict others from doing anything the license permits.